Chatsubo [(in)Security Dark] Labs

"... A consensual hallucination experienced daily by billions of legitimate operators, in every nation, by children being taught mathematical concepts... A graphic representation of data abstracted from banks of every computer in the human system. Unthinkable complexity. Lines of light ranged in the nonspace of the mind, clusters and constellations of data. Like city lights, receding into the distance... "
--
William Gibson.

jueves, 26 de agosto de 2010

Chatsubo [(in)Security Dark] Labs say Hi !

Well, before I go to bed, I'd like to present my workplace, the :

Chatsubo [(in)Security Dark] Labs.
Here, cool stuff happens, insanity crossing the wires, sparks emerging from the keyboards and damn g00d music resounding the walls. Nowadays, distributed in 3 different geographic locations in Mexico, The Chatsubo Labs is armed with laptops, servers, desktops, one firewall, one access point, switches and routers. In there, resides research projects, tons and tons of lines of c0de developed by me (nitrØus), a variety of Operating Systems (Solaris, OpenBSD, NetBSD, Minix, Gentoo, Debian, CentOS, n00buntu, RedHat, IOS and probably others) and many virtual machines to have fun as well.

By now, you may be wondering where the hell the name came from? Well, It's inpired in the bar described early in the Cyberpunk novell Neuromancer (William Gibson), The Chat (short of Chatsubo), exists in some particularly dingy corner of Night City, in Chiba, Japan. Then, that's why I liked the name, a concensual hallucination, my meeting place for cyberspace c0wboys and hackers (friends of mine) eager to do interesting stuff.

Now, lexicographically speaking, the [] and the () represents nested options, what I mean is that I can call my labs as any of the following ways (which helps me in different situations depending on the context;)):
- Chatsubo Labs
- Chatsubo inSecurity Dark Labs
- Chatsubo Security Dark Labs

Wanna see?... A picture is worth a thousand words, so, this is it !, a picture of the Chat that I took a few years ago in one of the currently 3 different geographic locations:


The next is a picture of an old laptop where I learned some of Operating Systems Development and learned how to build my 0wn boot loader in ASM in a floppy disk (3.5") jeje. With this toy, I used to have fun with my first OpenBSD 3.4 and Red Hat Linux 7.3


What about decoration???... Well, a jellyfish thank and lavalamp helps to make the Chatsubo Labs a nice place to work:



Video of the Jellyfish Tank:


Finally, if u want 2 add teh labs on ur 0wn website/bl0g, these are the *official* banners (note my highly specialized graphic design sk1lls in MS Paint jaja):




Keep r0cking !!!!! Ch33rz !
- nitrØus

martes, 24 de agosto de 2010

Advanced Persistent Threat

I was reordering and deleting some old bookmarks, and I found a good article I read the past month about APT.

For those who haven't heard about it, I suggest u to read this good article...

Understanding the advanced persistent threat
by: Richard Bejtlich
Issue: Jul 2010
http://searchsecurity.techtarget.com/magazinePrintFriendly/0,296905,sid14_gci1516312,00.html

l8 chr33z !!

domingo, 8 de agosto de 2010

John the Ripper benchmark

These are the results of a little benchmark that I performed a couple of months ago.

Versions that I compiled and tested:
- ANY
- SSE2
- MMX
- NTLM (source code patched to crack NTLM hashes)

BENCHMARKING
ANY
Benchmarking: Traditional DES [24/32 4K]... DONE
Many salts: 278297 c/s real, 347004 c/s virtual
Only one salt: 268979 c/s real, 334551 c/s virtual

Benchmarking: BSDI DES (x725) [24/32 4K]... DONE
Many salts: 9484 c/s real, 11738 c/s virtual
Only one salt: 9288 c/s real, 11552 c/s virtual

Benchmarking: FreeBSD MD5 [32/32]... DONE
Raw: 6795 c/s real, 8472 c/s virtual

Benchmarking: OpenBSD Blowfish (x32) [32/32]... DONE
Raw: 409 c/s real, 496 c/s virtual

Benchmarking: Kerberos AFS DES [24/32 4K]... DONE
Short: 266547 c/s real, 331526 c/s virtual
Long: 772505 c/s real, 960827 c/s virtual

Benchmarking: NT LM DES [32/32 BS]... DONE
Raw: 4773K c/s real, 5951K c/s virtual


MMX
Benchmarking: Traditional DES [64/64 BS MMX]... DONE
Many salts: 1041K c/s real, 1301K c/s virtual
Only one salt: 936512 c/s real, 1150K c/s virtual

Benchmarking: BSDI DES (x725) [64/64 BS MMX]... DONE
Many salts: 34188 c/s real, 42417 c/s virtual
Only one salt: 33753 c/s real, 41982 c/s virtual

Benchmarking: FreeBSD MD5 [32/32]... DONE
Raw: 6794 c/s real, 8425 c/s virtual

Benchmarking: OpenBSD Blowfish (x32) [32/32]... DONE
Raw: 417 c/s real, 520 c/s virtual

Benchmarking: Kerberos AFS DES [48/64 4K MMX]... DONE
Short: 339046 c/s real, 422751 c/s virtual
Long: 1031K c/s real, 1276K c/s virtual

Benchmarking: NT LM DES [64/64 BS MMX]... DONE
Raw: 8434K c/s real, 10516K c/s virtual


SSE2
Benchmarking: Traditional DES [128/128 BS SSE2]... DONE
Many salts: 2050K c/s real, 2543K c/s virtual
Only one salt: 1760K c/s real, 2194K c/s virtual

Benchmarking: BSDI DES (x725) [128/128 BS SSE2]... DONE
Many salts: 68352 c/s real, 85014 c/s virtual
Only one salt: 66560 c/s real, 82376 c/s virtual

Benchmarking: FreeBSD MD5 [32/32]... DONE
Raw: 6819 c/s real, 8465 c/s virtual

Benchmarking: OpenBSD Blowfish (x32) [32/32]... DONE
Raw: 417 c/s real, 520 c/s virtual

Benchmarking: Kerberos AFS DES [48/64 4K MMX]... DONE
Short: 339814 c/s real, 420562 c/s virtual
Long: 1025K c/s real, 1279K c/s virtual

Benchmarking: NT LM DES [128/128 BS SSE2]... DONE
Raw: 9648K c/s real, 11912K c/s virtual


NTLM Patch
Benchmarking: Traditional DES [24/32 4K]... DONE
Many salts: 280217 c/s real, 348529 c/s virtual
Only one salt: 269644 c/s real, 333718 c/s virtual

Benchmarking: BSDI DES (x725) [24/32 4K]... DONE
Many salts: 9659 c/s real, 12013 c/s virtual
Only one salt: 8982 c/s real, 10980 c/s virtual

Benchmarking: FreeBSD MD5 [32/32]... DONE
Raw: 6806 c/s real, 8402 c/s virtual

Benchmarking: OpenBSD Blowfish (x32) [32/32]... DONE
Raw: 417 c/s real, 520 c/s virtual

Benchmarking: Kerberos AFS DES [24/32 4K]... DONE
Short: 265574 c/s real, 331140 c/s virtual
Long: 741427 c/s real, 901979 c/s virtual

Benchmarking: NT LM DES [32/32 BS]... DONE
Raw: 4750K c/s real, 5836K c/s virtual

Benchmarking: NT MD4 [Generic 1x]... DONE
Raw: 9549K c/s real, 11906K c/s virtual



CRACKING
[nitr0us@nectar run]$ ./unshadow ~/passwd ~/shadow > ~/passshad

ANY
[nitr0us@nectar run]$ time ./john ~/passshad
Loaded 4 password hashes with 4 different salts (FreeBSD MD5 [32/32])
eilrahc (charlie)
newpass (ted)
Bond007 (jim)
virginia (monk)
guesses: 4 time: 0:00:00:01 100% (2) c/s: 5654 trying: virginia

real 0m1.016s
user 0m0.730s
sys 0m0.022s

MMX
[nitr0us@nectar run]$ time ./john ~/passshad
Loaded 4 password hashes with 4 different salts (FreeBSD MD5 [32/32])
eilrahc (charlie)
newpass (ted)
Bond007 (jim)
virginia (monk)
guesses: 4 time: 0:00:00:00 100% (2) c/s: 5768 trying: virginia

real 0m1.008s
user 0m0.695s
sys 0m0.025s



SSE2
[nitr0us@nectar run]$ time ./john ~/passshad
Loaded 4 password hashes with 4 different salts (FreeBSD MD5 [32/32])
eilrahc (charlie)
newpass (ted)
Bond007 (jim)
virginia (monk)
guesses: 4 time: 0:00:00:00 100% (2) c/s: 5827 trying: virginia

real 0m0.984s
user 0m0.734s
sys 0m0.016s


NTLM-Patch
ANY
[nitr0us@nectar run]$ time ./john ~/PWDUMP_OUT.txt
Loaded 7 password hashes with no different salts (NT LM DES [32/32 BS])
PASSWOR (susan:1)
JOSHUA (falken)
A (monk:2)
MASTER1 (george)
VIRGINI (monk:1)
8 (susan:2)
POOR (mike)
guesses: 7 time: 0:00:00:01 (3) c/s: 1560K trying: 4OUH - POOR

real 0m1.252s
user 0m0.843s
sys 0m0.043s


[nitr0us@nectar run]$ time ./john ~/PWDUMP_OUT.txt --format=nt
Loaded 5 password hashes with no different salts (NT MD4 [Generic 1x])
joshua (falken)
master1 (george)
virginia (monk)
passwor8 (susan)
poor (mike)
guesses: 5 time: 0:00:00:01 (3) c/s: 1309K trying: cbc7 - pamc

real 0m1.474s
user 0m0.952s
sys 0m0.040s


MMX
[nitr0us@nectar run]$ time ./john ~/PWDUMP_OUT.txt
Loaded 7 password hashes with no different salts (NT LM DES [64/64 BS MMX])
PASSWOR (susan:1)
JOSHUA (falken)
A (monk:2)
MASTER1 (george)
VIRGINI (monk:1)
8 (susan:2)
POOR (mike)
guesses: 7 time: 0:00:00:01 (3) c/s: 1727K trying: 4OUH - PAVS

real 0m1.127s
user 0m0.804s
sys 0m0.039s

[nitr0us@nectar run]$ time ./john ~/PWDUMP_OUT.txt --format=nt
Loaded 5 password hashes with no different salts (NT MD4 [Generic 1x])
joshua (falken)
master1 (george)
virginia (monk)
passwor8 (susan)
poor (mike)
guesses: 5 time: 0:00:00:01 (3) c/s: 1426K trying: cbc7 - pamc

real 0m1.348s
user 0m1.009s
sys 0m0.040s


SSE2
[nitr0us@nectar run]$ time ./john ~/PWDUMP_OUT.txt
Loaded 7 password hashes with no different salts (NT LM DES [128/128 BS SSE2])
PASSWOR (susan:1)
JOSHUA (falken)
A (monk:2)
MASTER1 (george)
VIRGINI (monk:1)
8 (susan:2)
POOR (mike)
guesses: 7 time: 0:00:00:01 (3) c/s: 1915K trying: 4OUH - PRN3

real 0m1.019s
user 0m0.732s
sys 0m0.030s

[nitr0us@nectar run]$ time ./john ~/PWDUMP_OUT.txt --format=nt
Loaded 5 password hashes with no different salts (NT MD4 [X86 SSE2 5x])
joshua (falken)
master1 (george)
virginia (monk)
passwor8 (susan)
poor (mike)
guesses: 5 time: 0:00:00:01 (3) c/s: 1459K trying: cbjk - pov0

real 0m1.315s
user 0m0.935s
sys 0m0.046s

Interesting results ;) ... HAPPY CRACKING !!